How to configure the Knox built-in VPN
Last updated July 26th, 2023
- Knox Service Plugin
- Samsung Knox Developer access
Samsung devices contain an enhanced version of the built-in Android VPN client. If you want to use this enhanced VPN Service, you can do so by pushing the Android VPN Management for Knox app and configuring the VPN profile with Knox Service Plugin.
How to download Android VPN Management for Knox
This configuration requires the Android VPN Management for Knox app to allow communication between Samsung’s enhanced VPN framework and the built-in Android VPN client. The app can be found on the Knox Developer Portal.
To download the Android VPN Management for Knox app:
On the Knox Partner Program console, go to Knox Developers.
Under SDK Tools, click SDK Downloads.
In SDK Downloads list, find Android VPN Management for Knox.
The downloaded zip file contains two apps:
In your EMM console, assign GPT_KnoxSettingsVPNPlugin.apk as an internal app in your device’s profile, then push the app to the device.
How to configure the VPN profile
To add a VPN configuration to a Knox Service Plugin profile:
On your EMM console, go to Profile.
Create a new profile or modify an existing profile.
Set the following Knox Service Plugin policies:
- Device-wide policies > Enable Device policy controls — True
- Device-wide policies > VPN policy (Premium) > Enable VPN controls — True
- Device-wide policies > Name of VPN profile to use — Enter your VPN profile name
For work profiles, the same configuration must be created in Work profile policies (Profile Owner). When configuring VPN policies for a work profile, the configuration can be set up for the entire profile, or for selected apps.
To configure a VPN Profile:
Under VPN Profiles (Premium), create the following configuration (by default, the first configuration is called Configuration 1 ):
- Profile Name — Enter the same name from the Device-wide policies > Name of VPN profile to use policy.
- Vendor — Knox built-in
- Host — Enter the VPN gateway (server) address.
- VPN connection type — Select the security protocol that the Knox VPN client uses.
- Parameters for Knox built-in VPN (for Strong Swan) > Authentication Type — Select the type of authentication that the Knox VPN client uses.
- Fill the remaining fields depending on your configuration requirements.
Click Save & Assign to save your changes and assign the profile to your device group.
Additional informationBack to KBAs
Is this page helpful?
Thank you for your feedback!